Scanning URL (target) = https://example:port/a/b/c
q1258089344 opened this issue · comments
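With a multi-level path like this, does xray not run detection? With https://example:port/a detection runs normally.
- It will be scanned.
- Can you post the command you ran?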
.\xray_windows_386.exe --log-level debug ws --poc "D:\working\document\ 内容风险\xray\workspace/pocs/*" --url-file D:\working\document\内容风险\xray\workspace\2024-04-29\16-33-42-domain.txt --html-output D:\working\document\内容风险\xray\workspace\2024-04-29\16-33-42-other.html
name: poc-yaml-js-report
manual: false
transport: http
set:
  # /test/test
  inputPath: request.url.path
rules:
  r1:
    request:
      cache: true
      method: GET
      # target: http://example.com:8080/test/test/b
      # If it starts with ^, the path is used as the request path
      path: '^{{inputPath}}/release/visualizer/reporter.html'
    expression: "true"
expression: r1()
detail:
  author: yywing
POC Loaded:
poc-yaml-js-report
[DBUG] 2024-05-11 14:52:47 [controller:dispatcher.go:230] fingers count: 2
[DBUG] 2024-05-11 14:52:47 [controller:dispatcher.go:231] building finger tree
[DBUG] 2024-05-11 14:52:47 [controller:dispatcher.go:239] start to trim the invocation tree
[DBUG] 2024-05-11 14:52:47 [controller:dispatcher.go:291] init the event bus
[DBUG] 2024-05-11 14:52:47 [controller:dispatcher.go:364] service finger count: 1, flow finger count: 2
[DBUG] 2024-05-11 14:52:47 [collector:url-list.go:36] processing https://lppadweb.paas.cmbchina.com/asdfasdfa/sdfsadf/fdsfg/asdfasdf/dfgsdf/dsfgsdh/fdgh/dfghdfgh/dfgh
[DBUG] [DBUG] 2024-05-11 14:52:47 [default:client.go:188] GET https://lppadweb.paas.cmbchina.com/asdfasdfa/sdfsadf/fdsfg/asdfasdf/dfgsdf/dsfgsdh/fdgh/dfghdfgh/dfgh
2024-05-11 14:52:47 [collector:url-list.go:36] processing https://lppadweb.paas.cmbchina.com/a
[DBUG] 2024-05-11 14:52:47 [default:client.go:188] GET https://lppadweb.paas.cmbchina.com/a
[DBUG] 2024-05-11 14:52:47 [default:client.go:188] GET https://lppadweb.paas.cmbchina.com/index.php
[INFO] 2024-05-11 14:52:47 [collector:url-list.go:66] waiting requests in queue
[INFO] 2024-05-11 14:52:47 [default:dispatcher.go:444] processing GET https://lppadweb.paas.cmbchina.com/a
[INFO] 2024-05-11 14:52:47 [default:dispatcher.go:444] processing GET https://lppadweb.paas.cmbchina.com/asdfasdfa/sdfsadf/fdsfg/asdfasdf/dfgsdf/dsfgsdh/fdgh/dfghdfgh/dfgh
[DBUG] 2024-05-11 14:52:47 [runner client:http.go:54] req:
GET /a/release/visualizer/reporter.html HTTP/1.1
Host: lppadweb.paas.cmbchina.com
[DBUG] 2024-05-11 14:52:47 [default:client.go:188] GET https://lppadweb.paas.cmbchina.com/a/release/visualizer/reporter.html
[DBUG] 2024-05-11 14:52:47 [runner client:http.go:69] resp:
HTTP/1.1 404 Not Found
Content-Length: 146
Content-Type: text/html
Date: Sat, 11 May 2024 06:52:47 GMT
Server: nginx
404 Not Found
nginx
[Vuln: phantasm]
Target "https://lppadweb.paas.cmbchina.com/a"
VulnType "poc-yaml-js-report/default"
Author "yywing"
[DBUG] 2024-05-11 14:52:48 [controller:dispatcher.go:502] sending last stat
[INFO] 2024-05-11 14:52:48 [controller:dispatcher.go:573] controller released, task done
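Whoa, bro, please redact the parts that involve IP addresses; it's a bit scary.
No big deal, they are all 404 addresses.
When you have time, could you take a look at why a single-level path matches what the POC expects, but a multi-level path gives no result?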
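Your script and usage look fine to me. I suspect it is caused by the detection depth (as I recall, there is a sub-path detection depth). I have also forgotten whether it can be set in the configuration.
I'd suggest using xpoc; xpoc shouldn't have this problem.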
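I looked through the configuration and couldn't find it. Switching tools feels tough, the change is too big; when deploying on Linux, libpcap was missing and it had to be compiled and installed with gcc. Running into these pitfalls is painful~~
OK~ Will a new version expose this setting?~ thx
xpoc has no such restriction; it sends whatever you give it.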
https://docs.xray.cool/tools/xray/Configuration#phantasm
Try depth.
It works now, thank you very much~